Did you try what Adam is suggesting in the earlier email? Also, to quickly check, you can try removing the keystore and key.password configs from the client side.

-Harsha

On Thu, Feb 18, 2016, at 02:49 PM, Srikrishna Alla wrote:
> Hi,
>
> We are getting the below error when trying to use a Java new producer
> client. Please let us know the reason for this error -
>
> Error message:
> [2016-02-18 15:41:06,182] DEBUG Accepted connection from /10.**.***.** on /10.**.***.**:9093. sendBufferSize [actual|requested]: [102400|102400] recvBufferSize [actual|requested]: [102400|102400] (kafka.network.Acceptor)
> [2016-02-18 15:41:06,183] DEBUG Processor 1 listening to new connection from /10.**.**.**:46419 (kafka.network.Processor)
> [2016-02-18 15:41:06,283] DEBUG SSLEngine.closeInBound() raised an exception. (org.apache.kafka.common.network.SslTransportLayer)
> javax.net.ssl.SSLException: Inbound closed before receiving peer's close_notify: possible truncation attack?
>     at sun.security.ssl.Alerts.getSSLException(Alerts.java:208)
>     at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1639)
>     at sun.security.ssl.SSLEngineImpl.fatal(SSLEngineImpl.java:1607)
>     at sun.security.ssl.SSLEngineImpl.closeInbound(SSLEngineImpl.java:1537)
>     at org.apache.kafka.common.network.SslTransportLayer.handshakeFailure(SslTransportLayer.java:723)
>     at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:313)
>     at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:68)
>     at org.apache.kafka.common.network.Selector.poll(Selector.java:281)
>     at kafka.network.Processor.run(SocketServer.scala:413)
>     at java.lang.Thread.run(Thread.java:722)
> [2016-02-18 15:41:06,283] DEBUG Connection with l************.com/10.**.**.** disconnected (org.apache.kafka.common.network.Selector)
> javax.net.ssl.SSLException: Unrecognized SSL message, plaintext connection?
>     at sun.security.ssl.EngineInputRecord.bytesInCompletePacket(EngineInputRecord.java:171)
>     at sun.security.ssl.SSLEngineImpl.readNetRecord(SSLEngineImpl.java:845)
>     at sun.security.ssl.SSLEngineImpl.unwrap(SSLEngineImpl.java:758)
>     at javax.net.ssl.SSLEngine.unwrap(SSLEngine.java:624)
>     at org.apache.kafka.common.network.SslTransportLayer.handshakeUnwrap(SslTransportLayer.java:408)
>     at org.apache.kafka.common.network.SslTransportLayer.handshake(SslTransportLayer.java:269)
>     at org.apache.kafka.common.network.KafkaChannel.prepare(KafkaChannel.java:68)
>     at org.apache.kafka.common.network.Selector.poll(Selector.java:281)
>     at kafka.network.Processor.run(SocketServer.scala:413)
>     at java.lang.Thread.run(Thread.java:722)
>
> Producer Java client code:
> System.setProperty("javax.net.debug","ssl:handshake:verbose");
> Properties props = new Properties();
> props.put("bootstrap.servers", "************.com:9093");
> props.put("acks", "all");
> props.put("retries", "0");
> props.put("batch.size", "16384");
> props.put("linger.ms", "1");
> props.put("buffer.memory", "33554432");
> props.put("key.serializer", "org.apache.kafka.common.serialization.StringSerializer");
> props.put("value.serializer", "org.apache.kafka.common.serialization.StringSerializer");
> props.put("security.protocol", "SSL");
> props.put("ssl.protocal", "SSL");
> props.put("ssl.truststore.location", "/idn/home/salla8/ssl/kafka_client_truststore.jks");
> props.put("ssl.truststore.password", "p@ssw0rd");
> props.put("ssl.keystore.location", "/idn/home/salla8/ssl/kafka_client_keystore.jks");
> props.put("ssl.keystore.password", "p@ssw0rd");
> props.put("ssl.key.password", "p@ssw0rd");
> Producer<String, String> producer = new KafkaProducer<String, String>(props);
>
> Configuration -server.properties:
> broker.id=0
> listeners=SSL://:9093
> num.network.threads=3
> num.io.threads=8
> socket.send.buffer.bytes=102400
> socket.receive.buffer.bytes=102400
> socket.request.max.bytes=104857600
> security.inter.broker.protocol=SSL
> ssl.keystore.location=/opt/kafka_2.11-0.9.0.0/config/ssl/kafka.server.keystore.jks
> ssl.keystore.password=p@ssw0rd
> ssl.key.password=p@ssw0rd
> ssl.truststore.location=/opt/kafka_2.11-0.9.0.0/config/ssl/kafka.server.truststore.jks
> ssl.truststore.password=p@ssw0rd
> ssl.client.auth=required
> log.dirs=/tmp/kafka-logs
> num.partitions=1
> num.recovery.threads.per.data.dir=1
> log.retention.hours=168
> log.segment.bytes=1073741824
> log.retention.check.interval.ms=300000
> log.cleaner.enable=false
> zookeeper.connect=*********:5181/test900
> zookeeper.connection.timeout.ms=6000
>
> Logs - kafkaServer.out:
> [2016-02-17 08:58:00,226] INFO KafkaConfig values:
>     request.timeout.ms = 30000
>     log.roll.hours = 168
>     inter.broker.protocol.version = 0.9.0.X
>     log.preallocate = false
>     security.inter.broker.protocol = SSL
>     controller.socket.timeout.ms = 30000
>     ssl.keymanager.algorithm = SunX509
>     ssl.key.password = null
>     log.cleaner.enable = false
>     num.recovery.threads.per.data.dir = 1
>     background.threads = 10
>     unclean.leader.election.enable = true
>     sasl.kerberos.kinit.cmd = /usr/bin/kinit
>     replica.lag.time.max.ms = 10000
>     ssl.endpoint.identification.algorithm = null
>     auto.create.topics.enable = true
>     zookeeper.sync.time.ms = 2000
>     ssl.client.auth = required
>     ssl.keystore.password = [hidden]
>     log.cleaner.io.buffer.load.factor = 0.9
>     offsets.topic.compression.codec = 0
>     log.retention.hours = 168
>     ssl.protocol = TLS
>     log.dirs = /tmp/kafka-logs
>     log.index.size.max.bytes = 10485760
>     sasl.kerberos.min.time.before.relogin = 60000
>     log.retention.minutes = null
>     connections.max.idle.ms = 600000
>     ssl.trustmanager.algorithm = PKIX
>     offsets.retention.minutes = 1440
>     max.connections.per.ip = 2147483647
>     replica.fetch.wait.max.ms = 500
>     metrics.num.samples = 2
>     port = 9092
>     offsets.retention.check.interval.ms = 600000
>     log.cleaner.dedupe.buffer.size = 524288000
>     log.segment.bytes = 1073741824
>     group.min.session.timeout.ms = 6000
>     producer.purgatory.purge.interval.requests = 1000
>     min.insync.replicas = 1
>     ssl.truststore.password = [hidden]
>     log.flush.scheduler.interval.ms = 9223372036854775807
>     socket.receive.buffer.bytes = 102400
>     leader.imbalance.per.broker.percentage = 10
>     num.io.threads = 8
>     offsets.topic.replication.factor = 3
>     zookeeper.connect = lpdbd0055:5181/test900
>     queued.max.requests = 500
>     replica.socket.timeout.ms = 30000
>     offsets.topic.segment.bytes = 104857600
>     replica.high.watermark.checkpoint.interval.ms = 5000
>     broker.id = 0
>     ssl.keystore.location = /opt/kafka_2.11-0.9.0.0/config/ssl/keystore.jks
>     listeners = SSL://:9093
>     log.flush.interval.messages = 9223372036854775807
>     principal.builder.class = class org.apache.kafka.common.security.auth.DefaultPrincipalBuilder
>     log.retention.ms = null
>     offsets.commit.required.acks = -1
>     sasl.kerberos.principal.to.local.rules = [DEFAULT]
>     group.max.session.timeout.ms = 30000
>     num.replica.fetchers = 1
>     advertised.listeners = null
>     replica.socket.receive.buffer.bytes = 65536
>     delete.topic.enable = false
>     log.index.interval.bytes = 4096
>     metric.reporters = []
>     compression.type = producer
>     log.cleanup.policy = delete
>     controlled.shutdown.max.retries = 3
>     log.cleaner.threads = 1
>     quota.window.size.seconds = 1
>     zookeeper.connection.timeout.ms = 6000
>     offsets.load.buffer.size = 5242880
>     zookeeper.session.timeout.ms = 6000
>     ssl.cipher.suites = null
>     authorizer.class.name =
>     sasl.kerberos.ticket.renew.jitter = 0.05
>     sasl.kerberos.service.name = null
>     controlled.shutdown.enable = true
>     offsets.topic.num.partitions = 50
>     quota.window.num = 11
>     message.max.bytes = 1000012
>     log.cleaner.backoff.ms = 15000
>     log.roll.jitter.hours = 0
>     log.retention.check.interval.ms = 300000
>     replica.fetch.max.bytes = 1048576
>     log.cleaner.delete.retention.ms = 86400000
>     fetch.purgatory.purge.interval.requests = 1000
>     log.cleaner.min.cleanable.ratio = 0.5
>     offsets.commit.timeout.ms = 5000
>     zookeeper.set.acl = false
>     log.retention.bytes = -1
>     offset.metadata.max.bytes = 4096
>     leader.imbalance.check.interval.seconds = 300
>     quota.consumer.default = 9223372036854775807
>     log.roll.jitter.ms = null
>     reserved.broker.max.id = 1000
>     replica.fetch.backoff.ms = 1000
>     advertised.host.name = null
>     quota.producer.default = 9223372036854775807
>     log.cleaner.io.buffer.size = 524288
>     controlled.shutdown.retry.backoff.ms = 5000
>     log.dir = /tmp/kafka-logs
>     log.flush.offset.checkpoint.interval.ms = 60000
>     log.segment.delete.delay.ms = 60000
>     num.partitions = 1
>     num.network.threads = 3
>     socket.request.max.bytes = 104857600
>     sasl.kerberos.ticket.renew.window.factor = 0.8
>     log.roll.ms = null
>     ssl.enabled.protocols = [TLSv1.2, TLSv1.1, TLSv1]
>     socket.send.buffer.bytes = 102400
>     log.flush.interval.ms = null
>     ssl.truststore.location = /opt/kafka_2.11-0.9.0.0/config/ssl/truststore.jks
>     log.cleaner.io.max.bytes.per.second = 1.7976931348623157E308
>     default.replication.factor = 1
>     metrics.sample.window.ms = 30000
>     auto.leader.rebalance.enable = true
>     host.name =
>     ssl.truststore.type = JKS
>     advertised.port = null
>     max.connections.per.ip.overrides =
>     replica.fetch.min.bytes = 1
>     ssl.keystore.type = JKS
>  (kafka.server.KafkaConfig)
>
> Thanks,
> Sri
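
One way to check which SSL settings a broker actually loaded is to compare server.properties with the KafkaConfig values it logs at startup; in the text quoted above the two show different keystore paths. This is an added example, not part of the original thread or of Kafka: `config_drift` and its helpers are hypothetical names, and the sample text is abridged from the thread with password values replaced by placeholders.

```python
# Added example; sample text abridged from the thread, passwords are placeholders.
SERVER_PROPERTIES = """\
listeners=SSL://:9093
ssl.keystore.location=/opt/kafka_2.11-0.9.0.0/config/ssl/kafka.server.keystore.jks
ssl.keystore.password=<redacted>
ssl.key.password=<redacted>
"""
LOGGED_CONFIG = """\
[2016-02-17 08:58:00,226] INFO KafkaConfig values:
    ssl.key.password = null
    ssl.keystore.password = [hidden]
    ssl.keystore.location = /opt/kafka_2.11-0.9.0.0/config/ssl/keystore.jks
    listeners = SSL://:9093
 (kafka.server.KafkaConfig)
"""
MASKED = "[hidden]"  # logged in place of a password that is set

def parse_properties(text):
    """Parse key=value lines, skipping blanks and # / ! comments."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")
            props[key.strip()] = value.strip()
    return props

def parse_logged_config(text):
    """Parse 'key = value' lines from a KafkaConfig startup dump."""
    values = {}
    for line in text.splitlines():
        key, sep, value = line.strip().partition(" = ")
        if sep and " " not in key:  # skips the timestamped header line
            values[key] = value
    return values

def config_drift(file_text, log_text):
    """Return {key: (file_value, logged_value)} where the two disagree."""
    wanted, logged = parse_properties(file_text), parse_logged_config(log_text)
    drift = {}
    for key, value in wanted.items():
        seen = logged.get(key)
        if key.endswith(".password"):
            value = "<set>"  # never echo a secret into a report
        if seen is not None and seen != MASKED and seen != value:
            drift[key] = (value, seen)
    return drift

if __name__ == "__main__":
    print(config_drift(SERVER_PROPERTIES, LOGGED_CONFIG))
```

A key reported here means the broker was started with a different value than the file now holds, so the file and the running process should be reconciled before debugging the handshake further.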